MAL-2023-1386

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/pandasprox/MAL-2023-1386.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2023-1386
Published
2023-05-17T13:05:34Z
Modified
2023-08-10T06:17:50Z
Summary
Malicious code in pandasprox (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (09102fb6db10bc8a136ca7a902415e21c97a31cbf416c904a7efc49a10757320)

The OpenSSF Package Analysis project identified 'pandasprox' @ 0.1.9 (pypi) as malicious.

It is considered malicious because:

- The package executes one or more commands associated with malicious behavior.

Database specific
{
    "malicious-packages-origins": [
        {
            "modified_time": "2023-05-17T14:33:55.85186899Z",
            "import_time": "2023-08-10T06:17:03.892598154Z",
            "versions": [
                "0.1.9"
            ],
            "source": "ossf-package-analysis",
            "sha256": "09102fb6db10bc8a136ca7a902415e21c97a31cbf416c904a7efc49a10757320"
        },
        {
            "modified_time": "2023-05-17T13:49:39.096213027Z",
            "import_time": "2023-08-10T06:17:03.663004234Z",
            "versions": [
                "0.1.8"
            ],
            "source": "ossf-package-analysis",
            "sha256": "517ff6909396aac52db13dda18dede377ad26bc8b6520de63d80b8e0e863edce"
        },
        {
            "modified_time": "2023-05-22T12:35:14.320097539Z",
            "import_time": "2023-08-10T06:17:15.357006471Z",
            "versions": [
                "1.0.1"
            ],
            "source": "ossf-package-analysis",
            "sha256": "56fc103fda48c5dbaf029fee3eabebf7c262c43b198ac895e3c8f53206cd7a7a"
        },
        {
            "modified_time": "2023-05-17T13:07:38.387410468Z",
            "import_time": "2023-08-10T06:17:02.937426882Z",
            "versions": [
                "0.1.6"
            ],
            "source": "ossf-package-analysis",
            "sha256": "88f8e65efa15f6cd9e70728303511ef6ae134abf9a8525cafcf8a96deaf64ca7"
        },
        {
            "modified_time": "2023-05-17T13:05:34.917386156Z",
            "import_time": "2023-08-10T06:17:02.640399534Z",
            "versions": [
                "0.1.7"
            ],
            "source": "ossf-package-analysis",
            "sha256": "bafb281b22eb05250a14e7aa19687718b90991a9c0227b2aa3e45512820281f2"
        },
        {
            "modified_time": "2023-05-17T13:18:42.86498131Z",
            "import_time": "2023-08-10T06:17:03.156013791Z",
            "versions": [
                "0.1.5"
            ],
            "source": "ossf-package-analysis",
            "sha256": "bd45123097829e550ce00486343eb5f309448b2ce2924f66acdf3e84d306e17f"
        },
        {
            "modified_time": "2023-05-17T13:34:51.786370141Z",
            "import_time": "2023-08-10T06:17:03.403884207Z",
            "versions": [
                "0.1.4"
            ],
            "source": "ossf-package-analysis",
            "sha256": "c78b8551956b18f93116c90c41f64eaee449422c50d9797f1f0e8d88ad2d0d69"
        },
        {
            "modified_time": "2023-05-22T13:31:53.23150239Z",
            "import_time": "2023-08-10T06:17:15.598517477Z",
            "versions": [
                "1.0.0"
            ],
            "source": "ossf-package-analysis",
            "sha256": "ce2305c61e2ffaa33e2c007f99249dad245932b3862b06bfd12d1ceb306c4d0f"
        }
    ]
}

Affected packages

PyPI / pandasprox

Affected versions

0.*

0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9

1.*

1.0.0
1.0.1